According to DefenseCode, Cisco was contacted about the remote preauth (root access) vulnerability several months ago. The company also passed on a detailed vulnerability description along with the PoC exploit for the vulnerability.

It seems that Cisco thought that the vulnerability was already fixed in the latest firmware, but according to DefenseCode it isn’t.

“Although we can confirm contact with DefenseCode, we have no new vulnerability information related to our WRT54GL or other home routers to share with customers at this time. We will continue to review new information that comes to light and will provide customer updates as appropriate,” a Cisco spokeswoman told SC Magazine Australia.

However, Cisco, which owns the Linksys brand, did finally admit to the problem: “Following our assessment of information recently released by DefenseCode, we have confirmed a vulnerability in the Linksys WRT54GL home router,” the company said in an e-mail to The Register. “At this point, no other Linksys products appear to be impacted.”

DefenseCode says that it will make a full disclosure of the vulnerability in the next two weeks.

(LiveHacking.Com) – Cisco has released a security advisory and software updates to fix four buffer overflow vulnerabilities found in its WebEx Recording Format (WRF) player. The advisory also covers a buffer overflow vulnerability in the Cisco Advanced Recording Format (ARF) player. By exploiting these vulnerabilities it is possible, in some cases, for a remote attacker to execute arbitrary code on the targeted system.

The players affected are part of Cisco’s WebEx meeting system and can be used to play back meetings recorded using the WebEx format. To exploit any of the vulnerabilities, the player application must open a specially crafted WRF or ARF file. This could be achieved by using social engineering and tricking the user into opening the malicious file directly (for example, by using e-mail or social media). However, the vulnerabilities cannot be triggered by users who are attending a WebEx meeting.

A summary of the bugs and the Common Vulnerabilities and Exposures (CVE) identifiers have been released:

The following client builds of Cisco WebEx Business Suite (WBS 27 and WBS 28) are affected by at least one of the vulnerabilities:

Client builds 28.0.0 (T28 L10N)

Client builds 27.32.1 (T27 LD SP32 CP1) and prior

Client builds 27.25.10 (T27 LC SP25 EP10) and prior

Client builds 27.21.10 (T27 LB SP21 EP10) and prior

Client builds 27.11.26 (T27 L SP11 EP26) and prior

If the players were automatically installed on a PC then they will be automatically upgraded to the latest version when a user tries to access a recording file on the WebEx meeting site. If the WRF or ARF player was manually installed, users will need to manually install a new version of the player after downloading the latest version from http://www.webex.com/play-webex-recording.html.

(LiveHacking.Com) – Cisco has released three security advisories detailing vulnerabilities which can allow an attacker to execute arbitrary code or cause denial-of-service conditions in some of its products.

The affected products are:

Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA)

Cisco Catalyst 6500 Series ASA Service Module (Cisco ASASM)

Cisco AnyConnect Secure Mobility Client

Cisco Application Control Engine (ACE)

According to the first advisory, Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA) and the Cisco Catalyst 6500 Series ASA Services Module (Cisco ASASM) contain a vulnerability that can allow an unauthenticated, remote attacker to cause the reload of the affected device. However, this vulnerability can only be triggered by IPv6 transit traffic. Cisco has released free software updates that address the vulnerability.

Cisco has released free software updates that address these vulnerabilities.

The third advisory describes how Cisco ACE appliances or modules are vulnerable when running in multicontext mode. According to Cisco, for this vulnerability to be exploited two or more contexts must be configured with the same management IP address. The administrator must have valid login credentials for the incorrect context when being logged in.

The first set of vulnerabilities is found in the Cisco ASA 5500 Series Adaptive Security Appliances (ASA) and Cisco Catalyst 6500 Series ASA Services Module (ASASM). The Cisco ASA UDP inspection engine that is used to inspect UDP-based protocols contains a vulnerability that could allow a remote unauthenticated attacker to trigger a reload of the Cisco ASA. The vulnerability is due to improper flow handling by the inspection engine. An attacker could exploit this vulnerability by sending a specially crafted sequence through the affected system.

Next, it has been revealed that the Cisco Catalyst 6500 Series Firewall Services Module (FWSM) contains a Protocol Independent Multicast (PIM) denial of service vulnerability. A vulnerability exists in the way PIM is implemented that may cause affected devices to reload during the processing of a PIM message when multicast routing is enabled. The vulnerability is due to improper handling of PIM messages. An attacker could exploit this vulnerability by sending a crafted PIM message to the affected system.

Lastly, Cisco is warning that the client side ActiveX control used with Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA) may be affected if the system has ever connected to a device that is running the Cisco Clientless VPN solution. A remote, unauthenticated attacker who could convince a user to connect to a malicious web page could exploit this issue to execute arbitrary code on the affected machine with the privileges of the web browser.

(LiveHacking.Com) – Cisco has released six security advisories to address multiple vulnerabilities for a wide range of its products. These vulnerabilities may allow a hacker to execute arbitrary code, launch a denial-of-service attack, operate with escalated privileges and bypass security restrictions.

The first of the six advisories is about the Cisco Cius Software. According to Cisco it contains a denial of service vulnerability that could cause the device to stop responding. Devices running Cius Software Versions prior to 9.2(1) SR2 are vulnerable. A remote, unauthenticated attacker could exploit this vulnerability by sending malicious network traffic to affected devices. Cisco has released free software updates that address this vulnerability. Affected products are all Cius Wifi devices running Cius Software Version 9.2(1) SR1 and earlier.

The second vulnerability affects Cisco Unified Communications Manager devices. It may allow a remote, unauthenticated attacker with the ability to send crafted Skinny Client Control Protocol (SCCP) messages to an affected device to cause a reload or execute attacker-controlled SQL code. The following products are affected: Cisco Unified Communications Manager Software versions 6.x, 7.x and 8.x and Cisco Business Edition 3000, 5000, and 6000.

Cisco Unity Connection contains two vulnerabilities, a privilege escalation vulnerability and a denial of service vulnerability. Exploitation of these may allow an authenticated, remote attacker to elevate privileges and obtain full access to the affected system or cause system services to terminate unexpectedly. Cisco has released free software updates that address these vulnerabilities. Affected versions are Cisco Unity Connection 7.1 (and earlier), 8.0, 8.5 and 8.6.

The Cisco Wireless LAN Controller (WLC) product family is affected by several vulnerabilities including three different types of denial of service vulnerability (HTTP, IPv6 and WebAuth) as well as an unauthorized access vulnerability. Cisco has released free software updates that address these vulnerabilities.

Each of the following products is affected by at least one of the vulnerabilities:

Cisco 2000 Series WLC

Cisco 2100 Series WLC

Cisco 2500 Series WLC

Cisco 4100 Series WLC

Cisco 4400 Series WLC

Cisco 5500 Series WLC

Cisco 500 Series Wireless Express Mobility Controllers

Cisco Wireless Services Modules (WiSM)

Cisco Wireless Services Modules version 2 (WiSM version 2)

Cisco NME-AIR-WLC Modules for Integrated Services Routers (ISRs)

Cisco NM-AIR-WLC Modules for Integrated Services Routers (ISRs)

Cisco Catalyst 3750G Integrated WLCs

Cisco Flex 7500 Series Cloud Controllers

Penultimately, Cisco TelePresence Video Communication Servers running software versions prior to X7.0.1 contain vulnerabilities that could allow an attacker to cause a denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities.

Lastly, the Cisco Small Business (SRP 500) Series Services Ready Platforms contain the following three vulnerabilities: a web interface command injection vulnerability, an unauthenticated configuration upload vulnerability and a directory traversal vulnerability. These vulnerabilities can be exploited using sessions to the Services Ready Platform Configuration Utility web interface. Cisco has released free software updates that address these vulnerabilities.

The following Cisco SRP 520 Series models are affected if running firmware prior to version 1.1.26:

Cisco SRP 521W

Cisco SRP 526W

Cisco SRP 527W

The following Cisco SRP 520W-U Series models are affected if running firmware prior to version 1.2.4:

Cisco SRP 521W-U

Cisco SRP 526W-U

Cisco SRP 527W-U

The following Cisco SRP 540 Series models are affected if running firmware prior to version 1.2.4:

(LiveHacking.Com) – Cisco has released a security advisory for its IronPort Email Security Appliances (ESA) and IronPort Security Management Appliances (SMA) due to a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code with elevated privileges. Since the appliances run AsyncOS, a modified version of the FreeBSD kernel, they are vulnerable to a Telnet bug (that affects FreeBSD and many Linux distributions) which was discovered at the end of last year.

CVE-2011-4862 is a buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0. When an encryption key is supplied via the TELNET protocol, its length is not validated before the key is copied into a fixed-size buffer. An attacker who can connect to the telnetd daemon can execute arbitrary code with the privileges of the daemon (which is usually the “root” superuser).
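
The bug class described above (a peer-supplied length used to copy a key into a fixed-size buffer), shown next to its hardened form. This is an added illustration, not the FreeBSD libtelnet source and not code from the original article; the struct, the function names and the 64-byte buffer size are assumptions chosen for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define KEY_BUF_LEN 64  /* assumed buffer size, for illustration only */

/* Hypothetical per-session state: fixed-size key buffer plus stored length. */
struct key_state {
    unsigned char key[KEY_BUF_LEN];
    size_t        key_len;
};

/* Vulnerable pattern: `len` comes from the peer and is trusted as-is.
 * If len > KEY_BUF_LEN, memcpy writes past key[] into adjacent memory. */
void store_key_unchecked(struct key_state *ks, const unsigned char *src, size_t len)
{
    memcpy(ks->key, src, len);
    ks->key_len = len;
}

/* Hardened form: validate the peer-controlled length before copying.
 * Returns 0 on success, -1 if rejected (existing state is left unchanged). */
int store_key_checked(struct key_state *ks, const unsigned char *src, size_t len)
{
    if (ks == NULL || src == NULL)
        return -1;
    if (len > sizeof(ks->key))
        return -1;                      /* reject rather than truncate */
    memcpy(ks->key, src, len);
    ks->key_len = len;
    return 0;
}

/* Feeds a boundary-size key and an oversized key to the checked version.
 * Returns 1 if the first is stored and the second rejected without side effects. */
int demo_checked(void)
{
    unsigned char msg[KEY_BUF_LEN + 16];    /* constructed sample input */
    struct key_state ks = { {0}, 0 };

    memset(msg, 0x41, sizeof(msg));
    if (store_key_checked(&ks, msg, KEY_BUF_LEN) != 0)
        return 0;
    if (store_key_checked(&ks, msg, sizeof(msg)) != -1)
        return 0;
    return ks.key_len == KEY_BUF_LEN;       /* earlier key still in place */
}

int main(void)
{
    printf("checked copy behaves as expected: %d\n", demo_checked());
    return 0;
}
```

Rejecting the oversized key outright, instead of truncating it to fit, keeps the two ends of the session from silently disagreeing about the key material.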

On a standard FreeBSD installation Telnet is disabled (and has been since 2001), but the Cisco variant has Telnet enabled by default. Fixes for the vulnerability are not yet available for AsyncOS (they are available for FreeBSD), so Cisco recommends disabling Telnet to mitigate this vulnerability.

(LiveHacking.Com) – Cisco has released a security advisory to address a vulnerability in the Smart Install feature of Cisco Catalyst Switches running Cisco IOS Software that could allow an unauthenticated, remote attacker to perform remote code execution on the affected device. Smart Install uses TCP port 4786 for communication. An established TCP connection with a completed TCP three-way handshake is needed to be able to trigger this vulnerability.

There are no workarounds available to mitigate this vulnerability other than disabling the Smart Install feature. But Cisco has released free software updates that address this vulnerability.

(LiveHacking.Com) – Cisco has released two security advisories to address vulnerabilities which may allow an unauthenticated attacker to execute arbitrary code. The problems are in the CiscoWorks LAN Management Solution, the Cisco Unified Service Monitor, and the Cisco Unified Operations Manager.

In both cases these vulnerabilities can be triggered by sending a series of crafted packets to the affected server over TCP port 9002. Cisco has released free software updates that address all of these vulnerabilities.

Cisco Unified Communications Manager contains five DoS vulnerabilities that could cause a critical process to fail, resulting in disruption of voice services.

Cisco Unified Communications Manager and Cisco Unified Presence Server contain an open query interface that could allow an unauthenticated, remote attacker to disclose the contents of the underlying databases on affected product versions.

Two denial of service (DoS) vulnerabilities exist in the Cisco Intercompany Media Engine. An unauthenticated attacker could exploit these vulnerabilities by sending crafted Service Advertisement Framework (SAF) packets to an affected device, which may cause the device to reload.